%20--%3e%3csvg%20version='1.1'%20id='Layer_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%201620%20400'%20style='enable-background:new%200%200%201620%20400;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%231A1414;}%20%3c/style%3e%3cg%3e%3cpolygon%20class='st0'%20points='221.78,8.89%20212.89,17.78%20212.89,208.89%2075.56,15.11%2064,8.89%208.89,8.89%200,17.78%200,302.22%209.33,311.11%2046.67,311.11%2055.56,302.22%2055.56,80.44%20212.89,304.89%20224.44,311.11%20259.56,311.11%20268.44,302.22%20268.44,17.78%20259.56,8.89%20'/%3e%3cpolygon%20class='st0'%20points='328.78,104.93%20319.89,113.82%20319.89,302.22%20328.78,311.11%20366.56,311.11%20375.45,302.22%20375.45,113.82%20366.56,104.93%20'/%3e%3cpath%20class='st0'%20d='M630.95,97.78l-8.89-8.89h-45.33c-14.22-5.78-30.67-8.89-48-8.89c-70.67,0-117.78,50.67-117.78,120%20c0,69.33,47.11,120,117.78,120c16.89,0,32.89-3.11,46.67-8.44v79.56l8.89,8.89h37.78l8.89-8.89v-128%20c10.22-17.78,15.55-39.56,15.55-63.11c0-23.56-5.33-45.33-15.55-63.11V97.78z%20M528.73,266.67c-36.44,0-62.22-28.44-62.22-66.67%20c0-38.22,25.78-66.67,62.22-66.67c36.44,0,62.22,28.44,62.22,66.67C590.95,238.22,565.17,266.67,528.73,266.67z'/%3e%3cpath%20class='st0'%20d='M792.06,80c-70.67,0-117.78,50.67-117.78,120c0,69.33,47.11,120,117.78,120c70.67,0,117.78-50.67,117.78-120%20C909.84,130.67,862.73,80,792.06,80z%20M792.06,266.67c-36.44,0-62.22-28.44-62.22-66.67c0-38.22,25.78-66.67,62.22-66.67%20s62.22,28.44,62.22,66.67C854.28,238.22,828.5,266.67,792.06,266.67z'/%3e%3ccircle%20class='st0'%20cx='347.45'%20cy='38.58'%20r='38.58'/%3e%3cpath%20class='st0'%20d='M1140.87,54.67c40.89,0,72.89,22.22,86.22,56.89l12,4.44l36-16.89l4.44-12C1258.2,33.78,1207.53,0,1140.87,0%20c-93.78,0-154.22,67.56-154.22,160c0,92.44,60.44,160,154.22,160c66.67,0,117.33-33.78,138.67-87.11l-4.44-12l-36-16.89l-12,4.44%20c-13.33,34.67-45.33,56.89-86.22,56.89c-57.78,0-96.44-44.89-96.44-105.33C1044.42,99.56,1083.09,54.67,1140.87,54.67z'/%3e%3cpath%20class='st0'%20d='M1416.76,80c-70.67,0-117.78,50.67-117.78,120c0,69.33,47.11,120,117.78,120c70.67,0,117.78-50.67,117.78-120%20C1534.53,130.67,1487.42,80,1416.76,80z%20M1416.76,266.67c-36.44,0-62.22-28.44-62.22-66.67c0-38.22,25.78-66.67,62.22-66.67%20c36.44,0,62.22,28.44,62.22,66.67C1478.98,238.22,1453.2,266.67,1416.76,266.67z'/%3e%3cellipse%20transform='matrix(0.9239%20-0.3827%200.3827%200.9239%2014.3841%20626.269)'%20class='st0'%20cx='1581.42'%20cy='276.98'%20rx='38.58'%20ry='38.58'/%3e%3cpath%20class='st0'%20d='M1587.85,41.15l0.79-0.89v-9.4h3.95l6.43,9.59l0.99,0.69h4.55l0.79-0.89v-1.09l-6.33-9%20c3.95-0.89,6.33-4.06,6.33-8.31c0-5.24-3.46-9-8.8-9h-13.26l-0.89,0.89v26.51l0.89,0.89H1587.85z%20M1588.65,18.5h7.12%20c1.98,0,3.36,1.48,3.36,3.46c0,1.97-1.38,3.36-3.36,3.36h-7.12V18.5z'/%3e%3cpath%20class='st0'%20d='M1593,54.01c15.53,0,27-11.38,27-27c0-15.63-11.38-27-27-27c-15.73,0-27,11.37-27,27%20C1566,42.53,1577.27,54.01,1593,54.01z%20M1593,5.24c12.56,0,21.56,9.1,21.56,21.76c0,12.66-9.1,21.76-21.56,21.76%20c-12.56,0-21.66-9.2-21.66-21.76C1571.33,14.34,1580.44,5.24,1593,5.24z'/%3e%3c/g%3e%3c/svg%3e){kind=small}
Sverige (SEK) 
Global
Danmark
Fri frakt%20rotate(-45.41)'%20style='fill:%231a1414'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e){kind=small}
%20--%3e%3csvg%20version='1.1'%20id='Lager_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%2023.2%2023.7'%20style='enable-background:new%200%200%2023.2%2023.7;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%231A1414;}%20%3c/style%3e%3cg%20id='Group_11948'%20transform='translate(0)'%3e%3cg%20id='Group_11951'%20transform='translate(5.697%200)'%3e%3cpath%20id='Path_4411'%20class='st0'%20d='M5.9,11.8C2.6,11.8,0,9.2,0,5.9S2.6,0,5.9,0c3.3,0,5.9,2.6,5.9,5.9%20C11.8,9.2,9.2,11.8,5.9,11.8z%20M5.9,2.2c-2,0-3.7,1.7-3.7,3.7s1.7,3.7,3.7,3.7c2,0,3.7-1.7,3.7-3.7c0,0,0,0,0,0%20C9.6,3.9,8,2.2,5.9,2.2L5.9,2.2z'/%3e%3c/g%3e%3cg%20id='Group_11952'%20transform='translate(0%2012.107)'%3e%3cpath%20id='Path_4412'%20class='st0'%20d='M23.2,11.6H21c0-5.2-4.2-9.4-9.4-9.4s-9.4,4.2-9.4,9.4H0C0,5.2,5.2,0,11.6,0%20C18,0,23.2,5.2,23.2,11.6L23.2,11.6z'/%3e%3c/g%3e%3c/g%3e%3c/svg%3e){kind=small}
%20--%3e%3csvg%20version='1.1'%20id='Lager_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%2023.8%2023.8'%20style='enable-background:new%200%200%2023.8%2023.8;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%231A1414;}%20%3c/style%3e%3cg%20id='Group_11967'%20transform='translate(-1208%20-31)'%3e%3cg%20id='Group_11949'%20transform='translate(1208%2031)'%3e%3cg%20id='Group_11956'%20transform='translate(0%200)'%3e%3cg%20id='Group_11953'%3e%3cpath%20id='Path_4413'%20class='st0'%20d='M0,12.8c0-0.3,0-0.6,0-0.9C0,5.3,5.4,0,12,0c3.2,0,6.3,1.3,8.5,3.6L19,5.1%20c-3.8-3.9-10-4-13.9-0.2c-1.9,1.8-3,4.4-3,7c0,0.2,0,0.4,0,0.7L0,12.8z'/%3e%3c/g%3e%3cg%20id='Group_11955'%20transform='translate(16.951%202.09)'%3e%3cg%20id='Group_11954'%3e%3cpath%20id='Path_4414'%20class='st0'%20d='M5,0L0,3.9l4.4,0.5L5,0z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg%20id='Group_11960'%20transform='translate(1.886%2010.997)'%3e%3cg%20id='Group_11957'%20transform='translate(1.439)'%3e%3cpath%20id='Path_4415'%20class='st0'%20d='M8.6,12.8c-3.2,0-6.3-1.3-8.6-3.6l1.5-1.4c1.9,1.9,4.4,3,7.1,3c5.4,0,9.8-4.4,9.8-9.8%20c0-0.2,0-0.4,0-0.7L20.5,0c0,0.3,0,0.6,0,0.9C20.5,7.5,15.2,12.8,8.6,12.8z'/%3e%3c/g%3e%3cg%20id='Group_11959'%20transform='translate(0%206.238)'%3e%3cg%20id='Group_11958'%3e%3cpath%20id='Path_4416'%20class='st0'%20d='M0,4.4l5-3.9L0.5,0L0,4.4z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e){kind=small}
%20--%3e%3csvg%20version='1.1'%20id='Lager_1'%20xmlns='http://www.w3.org/2000/svg'%20xmlns:xlink='http://www.w3.org/1999/xlink'%20x='0px'%20y='0px'%20viewBox='0%200%2022.8%2024'%20style='enable-background:new%200%200%2022.8%2024;'%20xml:space='preserve'%3e%3cstyle%20type='text/css'%3e%20.st0{fill:%231A1414;}%20%3c/style%3e%3cg%20id='Group_11968'%20transform='translate(-1234%20-31)'%3e%3cg%20id='Group_11950'%20transform='translate(1234%2031)'%3e%3cg%20id='Group_11961'%20transform='translate(0%204.409)'%3e%3cpath%20id='Path_4417'%20class='st0'%20d='M21.4,19.6H0.9l-0.5-0.5C0.1,18.9,0,18.5,0,18.1L2.1,1.2C2.2,0.5,2.7,0,3.4,0H20%20c0.7,0,1.3,0.5,1.4,1.2l1.5,17.4l-0.4,0.6C22.2,19.5,21.8,19.6,21.4,19.6z%20M2.2,17.5h18.5L19.3,2.1H4.1L2.2,17.5z%20M4.1,1.4%20L4.1,1.4z'/%3e%3c/g%3e%3cg%20id='Group_11962'%20transform='translate(5.875%200)'%3e%3cpath%20id='Path_4418'%20class='st0'%20d='M2.1,9.5H0V6.1C0,2.7,2.5,0,5.5,0S11,2.7,11,6.1v3.3H8.9V6.1c0-2.2-1.5-4-3.4-4%20s-3.4,1.8-3.4,4L2.1,9.5z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e){kind=small}
Privacy Notice
Swedish Match Retail AB, Reg. No. 559411-2046 is the data controller. Swedish Match Retail AB is an affiliate member of Philip Morris International, a collective group of businesses. All affiliate members of the group are listed here along with data protection officer contact points where relevant. Please use these details if you wish to contact us.
Our full details (address, etc.) will have been given to you separately at the time of (or to confirm) the collection of information about you, for example, in a notice on an app or a website, or in an e-mail, containing a link to this notice.
- ‘Philip Morris International or PMI means Philip Morris International, a leading international tobacco group. It is made up of a number of companies or “affiliates”.
- PMI affiliates: Each member of the Philip Morris International group of companies is a “PMI affiliate”. “We” (or “us” or “our”) refers to the PMI affiliate that first collected information about you.
- PMI product: means a product of ours or of another PMI affiliate.
We may collect information about you in various ways.
- You may provide us with information directly (e.g. filling in a form, making a call to us, or uploading information to us via a mobile app).
- We may collect information automatically when you interact with our systems or we communicate with you (e.g. when you use a PMI app or website or, where we use technologies to observe when you receive or open e-mails or receive SMS messages).
- We may also acquire information from third parties (e.g. publicly-available information on social media platforms such as Facebook and Twitter, or statistical information about the population in certain geographical areas).
- For example, where permitted by law, we may infer information about you from aggregated information we acquire from third parties. This may include, for example, statistical information about people in certain geographical areas.
In this notice, we refer to all the methods by which you are in contact with us as “PMI touchpoints”. PMI touchpoints include both physical (for example, retail outlets and events, consumer contact centres), and digital (for example, apps and websites).
We may collect information that you provide directly. Typically, this will happen when you:
- sign up to be a member of our databases (including loyalty programs), which will include performing age verification (this could be, for example, in person, via app, or online);
- request information about our products
- purchase PMI products or services at a retail outlet;
- download, or use, a PMI digital touchpoint (e.g. an app or a website);
- contact us through a touchpoint, or by e-mail, social media or telephone;
- subscribe to a PMI panel portal;
- register to receive PMI press releases, e-mail alerts, or marketing communications;
- participate in PMI surveys or (where permitted by law) PMI competitions or promotions; or
- attend an event that a PMI affiliate has organised.
We may collect information about you automatically. Typically, this will happen when you:
- visit an outlet that sells PMI products (for example, by collecting your data at check-out, or through sensors at the outlet that connect with mobile technology);
- attend an event that a PMI affiliate has organised (for example, through purchases at the event or through sensors at the event that connect with mobile technology);
- communicate with us (for example, through a touchpoint, or social media platforms);
- use PMI touchpoints (for example, through tracking mechanisms (such as cookies and web beacons/pixels), where we use them, that you receive when you use the PMI touchpoint or get an e-mail or SMS message from us);
- use third party websites (for example, using technology similar to that described in the bullet above, that you receive when you visit a PMI touchpoint or get an e-mail from us); or
- make public posts on social media platforms that we follow (for example, so that we can understand public opinion, or respond to requests concerning PMI products).
As mentioned above, we may collect information about you automatically through the use of cookies and similar tracking technologies (such as web beacons/pixels) that you receive when you visit digital PMI touchpoints or get an electronic message from us. The specific cookies and other mechanisms used will depend on the touchpoint in question. To learn about these mechanisms used on a PMI touchpoint, including how you can accept or refuse cookies, please see the information made available on or through that touchpoint. These mechanisms may include analytics cookies (such as Google, see www.google.com/policies/privacy/partners/.)
Where permitted by law, we may acquire information about you from third parties. This may include information shared between PMI affiliates, publicly available profile information (such as your preferences and interests) on third party social media sites (such as Facebook and Twitter), marketing lists and supplementary information acquired from third party agencies.
Where permitted by law, we may infer information about you from information about you that we already have. For example, we may use aggregated information about people in certain geographical areas, that we acquire from third parties, to infer your preferences.
We may also collect information in other contexts made apparent to you at the time.
We may collect various types of information about you:
- information about your orders, including information necessary to fulfil them
- information you give us in forms or surveys, and similar information that you give to third parties to be transferred to us
- information about your location, where you choose to share it with us (for example, on your mobile phone)
- information about your visits to our outlets or events (or outlets or events of others with whom we work)
- information you give us in communications (e.g. calls, chats, e-mails, SMS messages) you have with contact centers
- information about your preferences and interests (including information that we infer from other information, for example from statistical information)
- information necessary to verify your age
- information about your experiences using our products and services
- statistical information about you (for example, statistical information about people in certain geographical areas)
Information that we collect from you directly will be apparent from the context in which you provide it. For example:
- if you order a product from us through a touchpoint, you provide your name, contact, billing details, payment methods, and the products you have chosen so that we can fulfil your order;
- you may provide information on your product preferences, interests and experiences so that we can offer you products and services that will interest you, and to improve our products and services;
- if you make an appointment to see us (or someone supporting our products or services), we may collect your name and contact details;
- we may collect information that enables us to verify your age;
- if you communicate with one of our contact centers, you may give us information, for example about your experiences using our products and services, to allow us to deal with your requests.
Information that we collect automatically will generally concern:
- details of your visit or call (such as time, date, and duration);
- recordings (where permitted) of your calls or visits to PMI touchpoints, which we may transcribe to text format;
- in a sales outlet or at an event (including areas in the immediate vicinity), how frequently you visit, which areas you visit and for how long, and which purchases you make;
- your use of digital PMI touchpoints (such as the pages you visit, the page from which you came, and the page to which you went when you left, search terms entered, or links clicked within the touchpoint, when you first open the touchpoint, for how long you use it, and how you interact with messages we send you or advertisements we show you); we may use cookies and similar tracking technologies (such as pixels/web beacons) to do this;
- your use of third-party websites, where the information collected will be similar to that described in the bullet above (we may use cookies and similar tracking technologies (such as pixels/web beacons) to do this);
- your mobile or desktop device and software (such as your IP address or unique device identifier (for example, mobile advertising identifier (MAID) or Android ID (SSAID)), location data (either your general location (derived from your IP address, in which case the information we have will be general, e.g. the town you are in), or your precise location (if you choose to share it with us for specified purposes, e.g. store locator)), device brand and model, the display settings of your monitor, web browser type, operating system, (some of which may be used in “digital fingerprinting” (see for what purposes we use information about you, below)) and details of any cookies (or similar technologies) that we may have stored on your device); and
Information that we collect from third parties will generally consist of publicly available information (such as your preferences, interests and experiences), for example from public social media posts.
In this section, we describe the purposes for which we use personal information. However, this is a global notice, and where the laws of a country restrict or prohibit certain activities described in this notice, we will not use information about you for those purposes in that country.
Subject to the above, we use information about you for the following purposes:
- To comply with regulatory obligations, such as verifying your age and status as a user of our products
- To sell our products to you, including fulfilling your orders, processing your payments
- To provide sales-related and product support services to you, including dealing with your inquiries and requests, and providing support services
- To market our products (where permitted by law), including administering loyalty programs and referral programs, product improvement, market research (and for the purposes of demonstrating fair practices in market research), developing marketing strategies, administering marketing campaigns, and customizing your experiences, for example at outlets that sell PMI products and at events, and the content of messages we send you or advertisements we show you
- To understand whether you are still engaged with our marketing and whether you wish to continue to receive it
- For us or our business partners to inform you of potential opportunities to get involved in marketing or promoting PMI products
- To enable you to use, and improve your experience of PMI touchpoints
- To support all the above, including administering your accounts, corresponding with you, managing your appointments with us or with someone supporting our products or services (for example, regarding a new product, or after-sales service), customizing your experiences of PMI touchpoints, fraud prevention (for example in the context of our promotions, competitions and surveys, to ensure that they are not taken more than once by the same person, or in the context of e-commerce to protect cardholder information), personnel training and quality control, and administration and troubleshooting
- For business analytics, statistical or scientific purposes, including improving PMI products (and services, outlets and events, and the information that we (or our affiliates) provide to our consumers
- For other purposes that we notify you of, or will be clear from the context, at the point information about you is first collected
The legal basis for our use of information about you is one of the following (which we explain in more detail in the “find out more” section):
- compliance with a legal obligation to which we are subject;
- the performance of a contract to which you are a party;
- a legitimate business interest that is not overridden by interests you have to protect the information;
where none of the above applies, or where law requires it, your consent (which we will ask for before we process the information).
The purposes for which we use information about you, with corresponding methods of collection and legal basis for use, are:
|
Purpose |
Method of collection and legal basis for processing |
|
Comply with regulatory obligations · verify your age and status as a user of our products (depending on the country and on the PMI touchpoint, this can be a manual or an automated process; in some countries you will upload or give us access to your facial image (photograph/video), which computers will review to automatically determine your age (but without identifying you)). |
This information is generally provided to us by you directly. We use it because it is necessary for us to comply with a legal obligation to sell products only to adults, or, in countries where there is no such legal obligation, because we have a legitimate business interest to sell our products only to adults that is not overridden by your interests, rights and freedoms to protect information about you. |
|
Sell our products · fulfil your orders (including sending receipts) · process your payments · provide support services |
This information is generally provided to us by you directly (typically, name, address, e-mail address, payment information). We use it to discharge our contractual obligations to you as a buyer of our products. |
|
Provide sales-related and product support services · deal with your inquiries and requests, and information about your experiences with our products and services · correspond with you · general administration and troubleshooting · administer loyalty programs |
This information is generally provided to us by you directly but may be combined with information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of PMI touchpoints and e-mails from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (such as public social media posts). We use it because we have a legitimate business interest in providing sales-related and product support services to our customers that is not overridden by your interests, rights and freedoms to protect information about you. |
|
Market our products (where permitted by law) · understand your preferences (such as what products or events may interest you or may be better tailored to your needs) and, where permitted by law, market to you personally · understand whether you are still engaged with our marketing and whether you wish to continue to receive it · administer loyalty programs · invite you to participate in, and administer, surveys or market research campaigns · for market research, and for demonstrating fair market research practices · develop marketing strategies · administer marketing campaigns · customize your experience of PMI touchpoints (for example, to personalize your visit, such as with greetings or suggestions that might interest you) |
This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of PMI touchpoints and electronic messages (e.g. postal mail, e-mails and SMS) from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (such as public social media posts). We use it on the grounds that either: · we have your consent to do this (these cases will be clear from the context); or · we have a legitimate business interest to market our products, to operate PMI touchpoints, to customize your experiences, and to understand whether you wish to continue to receive our marketing, in these ways that is not overridden by your interests, rights and freedoms to protect information about you. |
|
Market our products (where permitted by law) · provide you with information about, and to manage, PMI affiliates, their promotions, products and services, outlets, events and the regulation of our products · customize your marketing experience with us, for example with customised messages and offers we send you, or advertisements we show you · develop and improve tools to pursue these purposes |
This will typically be a combination of information that you provide to us (for example, your name and contact and social media details); information that we collect automatically (for example, using technology (such as cookies and web beacons/pixels) to monitor your use of PMI touchpoints and electronic messages (e.g. postal mails, e-mails and SMS) from us), and using similar technology to monitor your use of third party touchpoints; and (where permitted by law) information that we acquire from third parties (e.g. public social media posts, and statistical information). We use it on the grounds that we have a legitimate business interest to market these things that is not overridden by your interests, rights and freedoms to protect information about you. In certain countries, where required by law, we will send you these materials in electronic format, and use these technologies, only with your consent. |
|
Use of PMI touchpoints To enable you to use, and improve your experience of PMI touchpoints |
We use it on the grounds either that (a) we have a legitimate business interest to provide you with PMI touchpoints, and to provide you with this support, which is not overridden by your interests, rights and freedoms to protect information about you; or (b) that you have consented to these uses (these cases will be clear from the context). |
|
Support for all the above purposes · administering your accounts · enabling you to use PMI touchpoints (for example, allowing you to remain logged in to sections of a touchpoint that are reserved for authorized users only, administering your language preference, associating your shopping cart with you, enabling certain features of the PMI touchpoint, (where you choose to share your location)) · corresponding with you · · enhancing your experience with our products · fraud prevention (for example in the context of our promotions, competitions and surveys, to ensure that they are not taken more than once by the same person, or in the context of e-commerce to protect cardholder information) · personnel training and quality control (including using transcriptions of recordings of calls to contact centers to produce aggregated insights), and administration and troubleshooting |
This will typically be a combination of information that you provide to us (typically, name, password (or equivalent)) and information that we collect automatically (for example cookies and similar tracking technologies, “digital fingerprinting” as described above, and (where permitted) recordings of your calls (and transcriptions of those recordings) or visits to PMI touchpoints). We use it on the grounds that correspond to the purpose for using the information that we are supporting. For example, where we administer your account to support a purchase or to provide after-sales service, we use the information to discharge our contractual obligations to you as a buyer of our products; where we administer your account to show you our products, we are supporting marketing and so we use it on the grounds that we have a legitimate business interest to market our products that is not overridden by your interests, rights and freedoms to protect information about you, and so on. |
|
Business analytics and improvements · allowing us or our business partners to inform you of potential opportunities to get involved in promoting PMI products · for business analytics, statistical or scientific purposes, , services, outlets that sell PMI products, events, digital PMI touchpoints and the information that we (or our affiliates) provide to our customers) |
This will typically be a combination of information that you provide to us (such as information from your communications with PMI touchpoints; or demographic information, e.g. your age, gender and the city where you live); information that we collect automatically; and (where permitted by law) information that we acquire from third parties. Where we have more than one type of information from these categories, we will combine them to improve our analysis. We use it on the grounds that either: · we have your consent to do this (these cases will be clear from the context); or · we have a legitimate business interest to analyze and to improve our business performance, our products, PMI touchpoints, outlets and events, and to invite others to get involved in promoting PMI products, that is not overridden by interests, rights and freedoms to protect information about you. |
Where we do not base our use of information about you on one of the above legal bases, or where law requires it, we will ask for your consent before we process the information (these cases will be clear from the context).
In some instances, we may use information about you in ways that are not described above. Where this is the case, we will provide a supplemental privacy notice that explains such use. You should read any supplemental notice in conjunction with this notice.
We may share information about you with:
- PMI affiliates;
- third parties who provide PMI affiliates or you with products or services;
- PMI affiliates’ carefully selected business partners and advertisers (in areas connected with our products, or consistent with their style and image) so that they can contact you with offers that they think may interest you, in accordance with your preferences; and
- other third parties, where required or permitted by law.
We share information about you with others only in accordance with applicable laws. Thus, where law requires your consent, we will first ask for it.
READ LESS
Sharing data with other PMI affiliates
- Information about you will be shared with Philip Morris Products S.A. (based in Neuchâtel, Switzerland), which is the place of central administration of personal data processing for PMI affiliates. Philip Morris Products S.A. processes the information about you for all the purposes described in this notice.
- Information about you may be shared with the PMI affiliate that is responsible for the country in which you live (if it wasn’t the PMI affiliate that first collected the information) for all the purposes described in this notice.
- Information about you may be shared with any other PMI affiliate that you contact (for example, if you travel and you want to know where to buy PMI products in a new country, or where to find service or support for PMI products) in order to enhance our service to you.
Details of PMI affiliates and the countries in which they are established are available via our website.
Sharing data with Third Parties
- To the extent permitted by applicable law, we may share information about you with third parties who provide PMI affiliates or you with products or services (such as advisers, payment service providers, delivery providers, retailers, product coaches, information services providers and age verification providers).
- To the extent permitted by applicable law, we may share information about you with PMI affiliates’ carefully selected third party business partners and advertisers (in line with the kind of thing you might associate with our products, for example because they have similar or complementary image, style, or functionality) so that they can contact you with products, services and promotions that they think may interest you, in accordance with your preferences.
- We may share information about you with other third parties, where required or permitted by law, for example: regulatory authorities; government departments; in response to a request from law enforcement authorities or other government officials; when we consider disclosure to be necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; and in the context of organisational restructuring.
As with any multinational organisation, we transfer information globally to our affiliates and service providers. Your data may therefore be transferred to other countries as part of our standard operations. Whenever we transfer your data abroad, we will limit access to your data only to those who need to see it, process your data in accordance with our internal data protection standards, protect it appropriately and only transfer information in compliance with applicable data privacy laws. When data is transferred, we will require the receiving party to keep your data confidential, delete it when it is no longer required and act in accordance with this privacy notice. Accordingly, information about you may be transferred outside of your jurisdiction. For example, if you live in the EU, EEA, UK, Australia or Japan, your data may be processed in another country.
When using information as described in this notice, information about you may be transferred either within or outside the country or territory where it was collected, including to a country or territory that may not have equivalent data protection standards.
For example, we and other PMI affiliates within the EU and EEA may transfer personal information to PMI affiliates, or to their service providers, outside the EU and EEA. In all such cases, the transfer will be:
- on the basis of a European Commission adequacy decision;
- subject to appropriate safeguards, for example the EU Standard Contractual Clauses or binding corporate rules; or
- with your consent or as necessary to discharge obligations under a contract between you and us (or the implementation of pre-contractual measures taken at your request) or for the conclusion or performance of a contract concluded in your interest between us and a third party, such as in relation to travel arrangements.
For transfers from the UK, in accordance with the UK GDPR and guidance of the Information Commissioner’s Office.
In all cases, appropriate security measures for the protection of personal information will be applied in those countries or territories, in accordance with applicable data protection laws.
Our service providers are located in many countries throughout the world, including in particular the EEA, Switzerland, the USA, Canada, India, the Philippines, Indonesia, and Australia.
We implement appropriate technical and organisational measures to protect personal information that we hold from unauthorised disclosure, use, alteration or destruction. Where appropriate, we use encryption and other technologies that can assist in securing the information you provide. We also require our service providers to comply with strict data privacy and security requirements.
We will retain information about you for the period necessary to fulfil the purposes for which the information was collected in accordance with our internal data retention standards. After that, we will delete it. The period will vary depending on the purposes for which the information was collected. Note that in some circumstances, you have the right to request us to delete the information. Also, we are sometimes subject to legal obligations, legally obliged to retain the information, for example, for tax and accounting purposes, to either retain the information for a set minimum period of time, or to delete it after a set maximum period of time.
Typically, we retain data based on the criteria described in the table below. Where these periods conflict with legal obligations, for example, for tax and accounting purposes, to either retain the information for a set minimum period of time, or to delete it after a set maximum period of time, we apply those set periods instead.
|
Type |
Explanation/typical retention criteria |
|
marketing to you (including marketing communications) (if you use digital touchpoints and are contactable) |
Most of the information in your marketing profile is kept for the duration of our marketing relationship with you; for example, while you continue to use digital touchpoints, or respond to our communications. However, some elements of your marketing profile, such as records of how we interact with you, naturally go out of date after a period of time, so we delete them automatically after defined periods (typically 3 years) as appropriate for the purpose for which we collected them. |
|
marketing to you (including marketing communications) (if you are no longer in contact with us) |
This scenario is the same as the above, but if we don’t have any contact with you for a long period (typically 2 years), we will stop sending you marketing communications and delete your history of responses to them. This will happen, for example, if you never click through to an invitation to an event, log on to a digital touchpoint, or contact customer care, during that time. The reason is that in these circumstances, we assume you would prefer not to receive the communications. |
|
marketing to you (including marketing communications) (if you are not contactable) |
If you have registered to receive marketing communications, but the information you give us to contact you doesn’t work, we will retain your details for a period of typically only 1 year to allow you to return and correct it. |
|
marketing to you (including marketing communications) (incomplete registrations) |
If you commence registering yourself in a database, but do not complete the process (for example, if you don’t complete the age verification process, or you don’t accept the touchpoint’s terms of use), we will retain your details (to allow you to return and complete the process) for up to 30 days, depending on the type of information missing. |
|
market research |
If you are not registered with us for other purposes (e.g. marketing communications, customer care), and we use publicly available information about you in order to understand the market or your preferences, we will retain the information about you for a short period in order to perform the particular item of market research. If we collect information about you in other market research contexts, we will retain that information:
|
|
purchases, loyalty transactions |
If you purchase goods or perform a loyalty transaction, we will retain details of this for so long as required to complete the sale, and to comply with any legal obligations (for example, for tax and accounting record-keeping purposes and fraud-prevention purposes. |
|
customer care |
If you contact customer care, we will make a record of the matter (including details of your enquiry and our response) and retain it while it remains relevant to our relationship, for example if your recent enquiries are relevant. Temporary records (for example, an automated recording of a telephone call in which you ask us to direct you to a retail outlet) may be relevant only until more permanent records are made and will be retained only temporarily. |
|
system audit and fraud prevention |
System audit logs are retained typically for a period of up to 6 months for system recovery and for up to 10 years for fraud prevention. |
|
business analytics |
We keep most business analytics data for the duration of our marketing relationship with you as described in the first line of this table above. However, some elements of it naturally go out of date after a period of time, so we delete them automatically after defined periods as appropriate for the purpose for which we collected them. |
|
age verification |
The details you submitted for us to verify your age are deleted once we have completed the process of verification. We operate several processes for doing this and the retention period varies according to the process that is followed, from a few minutes to six months. We also keep some details separately, for fraud prevention purposes – see above. |
You may have some or all of the following rights in respect of information about you that we hold:
- request us to give you access to it;
- request us to rectify it, update it, or erase it;
- request us to restrict our using it, in certain circumstances;
- object to our using it, in certain circumstances;
- withdraw your consent to our using it;
- data portability, in certain circumstances;
- opt out from our using it for direct marketing; and
- lodge a complaint with the supervisory authority in your country (if there is one).
We offer you easy ways to exercise these rights, such as “unsubscribe” links, or giving you a contact address, in messages you receive.
Some mobile applications we offer might also send you push messages, for instance about new products or services. You can disable these messages through the settings in your phone or the application.
The rights you have depend on the laws of your country. If you are in the UK, European Union, European Economic Area, you will have the rights set out in the table below. If you are elsewhere, you can contact us (see the paragraph “who should you contact with questions?” at the end of this notice) to find out more.
|
Right in respect of the information about you that we hold |
Further detail (note: certain legal limits to all these rights apply) |
|
to request us to give you access to it |
This is confirmation of: · whether or not we process information about you; · our name and contact details; · the purpose of the processing; · the categories of information concerned; · the categories of persons with whom we share the information and, where any person is outside the UK/EU/EEA and does not benefit from a European Commission adequacy decision, the appropriate safeguards for protecting the information; · (if we have it) the source of the information, if we did not collect it from you; · (to the extent we do any, which will have been brought to your attention) the existence of automated decision-making, including profiling, that produces legal effects concerning you, or significantly affects you in a similar way, and information about the logic involved, as well as the significance and the envisaged consequences of such processing for you; and · the criteria for determining the period for which we will store the information. On your request we will provide you with a copy of the information about you that we use (provided this does not affect the rights and freedoms of others). |
|
to request us to rectify or update it |
This applies if the information we hold is inaccurate or incomplete. |
|
to request us to erase it and in some cases an extension of this right, the right to be forgotten |
This applies if: · the information we hold is no longer necessary in relation to the purposes for which we use it; · we use the information on the basis of your consent and you withdraw your consent (in this case, we will remember not to contact you again, unless you tell us you want us to delete all information about you in which case we will respect your wishes); · we use the information on the basis of legitimate interest and we find that, following your objection, we do not have an overriding interest in continuing to use it; · the information was unlawfully obtained or used; or · to comply with a legal obligation. |
|
to request us to restrict our processing of it |
This right applies, temporarily while we look into your case, if you: · contest the accuracy of the information we use; or · have objected to our using the information on the basis of legitimate interest (if you make use of your right in these cases, we will tell you before we use the information again). This right applies also if: · our use is unlawful and you oppose the erasure of the data; or · we no longer need the data, but you require it to establish a legal case. |
|
to object to our processing it |
You have two rights here: (i) if we use information about you for direct marketing: you can “opt out” (without the need to justify it) and we will comply with your request; and (ii) if we use the information about you on the basis of legitimate interest for purposes other than direct marketing, you can object to our using it for those purposes, giving an explanation of your particular situation, and we will consider your objection. |
|
to withdraw your consent to our using it |
This applies if the legal basis on which we use the information about you is consent. These cases will be clear from the context (for example, if you gave your consent using the preference center in one of our apps, you can withdraw your consent by turning off the corresponding toggle). |
|
to data portability |
If: (i) you have provided data to us; and (ii) we use that data, by automated means, and on the basis either of your consent, or on the basis of discharging our contractual obligations to you, then you have the right to receive the data back from us in a commonly used format, and the right to require us to transmit the data to someone else if it is technically feasible for us to do so. |
|
to lodge a complaint with the supervisory authority in your country |
If you have any complaint, we will welcome an opportunity to resolve it for you directly. Please consider contacting us via the contact details linked to at the start of this notice before contacting a supervisory authority. If you do wish to contact a supervisory authority, details are as follows: · For the European Union or European Economic Area, you can contact your local authority as listed on the Europa website via this link. If you are unsure who your jurisdiction’s supervisory authority is, please contact us using the details linked to at the top of this page. · For the UK, you can contact the Information Commissioner’s Office via this link. · For other countries please consult the website of your country’s authority. If you are unsure who your jurisdiction’s supervisory authority is, please contact us using the details linked to at the top of this page.
|
According to which country you are in, you may have some additional rights.
If you are in Australia, find out more…
If you are in Australia, the following additional information applies to you:
- if you do not provide your personal information to us, we may not be able to (as applicable) provide you with the information, products or services that you request; and
- our Privacy Policy (available here) explains: (i) how you may access and correct the personal information that we hold about you; (ii) how you can lodge a complaint regarding our handling of your personal information; and (iii) how we will handle any complaint.
If you are in France, find out more…
If you are in France, you have the right to give us instructions regarding information we hold about you in the event of your death (specifically, whether we should store or delete it, and whether others should have the right to see it). You may:
- issue general instructions to a digital service provider registered with the French data protection supervisory authority (called “CNIL”) (these instructions apply to all use of information about you); or
- give us specific instructions that apply only to our use of information about you.
Your instructions may require us to transfer information about you to a third party (but where the information contains information about others, our obligation to respect also their privacy rights might mean that we can’t follow your instructions to the letter). You may appoint a third party to be responsible for ensuring your instructions are followed. If you do not appoint a third party in that way, your successors will (unless you specify otherwise in your instructions) be entitled to exercise your rights over information about you after your death:
- in order to administer your estate (in which case your successors will be able to access information about you to identify and obtain information that could be useful to administer your estate, including any digital goods or data that could be considered a family memory that is transferable to your successors); and
- to ensure that parties using information about you take into account your death (such as closing your account, and restricting the use of, or updating, information about you).
You may amend or revoke your instructions at any time. For further information on the processing of information about you in the event of your death, see Article 40-1 of the law 78-17 dated 6 January 1978. When you die, by default, you will stop using your account and we will delete information about you in accordance with our retention policies (see the paragraph “How long will information about you be kept?” for details).
If you are in the Philippines, find out more…
If you are in the Philippines, you may have rights in addition to those set out in this notice in accordance with the Philippine Data Privacy Act and its implementing rules and regulations, including the National Privacy Commission’s Privacy Policy Office Advisory Opinion No. 2018-031.
If you are in Japan, find out more…
To the extent permitted by applicable law, we may share information about you with PMI affiliates’ carefully selected third party business partners including advertisers and data analysing businesses (in line with the kind of thing you might associate with our products, for example because they have similar or complementary image, style, or functionality) so that they can contact you with products, services and promotions that they think may interest you, in accordance with your preferences, or they can analyse your preference and we can contact you with more tailor-made offers.
In addition to this, we may receive from third parties’ Personal Referable Information, i.e. information with which a specific individual cannot be identified and use it by associating with information about you which we already possess, only if you agree to do so.
Under the age verification requirements, by “adult” we understand individuals that are over 20 years old (the legal age to purchase tobacco products).
If you are in Taiwan, find out more…
If you are in Taiwan, the following additional information applies to you:
If you do not provide your personal information to us, we may not be able to (as applicable) provide you with the information, products or services that you request.
If you are in Colombia, find out more…
This Privacy Notice must be understood as a Personal Data Processing Policy in the terms of Colombian law. For all activities that involve the processing of personal data, including the international transfer of personal data, we will abide by the provisions of Law 1581 of 2012, Decree 1377 of 2017 and the other regulations that modify or add them, for which we will always obtain your consent in advance, unless a legal exception applies. You may: (i) optionally answer the questions about sensitive data or about the data of children and adolescents; (ii) request to be informed by us, upon request, regarding the use that we have given to your personal data; (iii) ask us for proof of your consent, and; (iv) withdraw your consent, provided there is no legal or contractual duty to remain in a database. We may request information related to your status as a smoker, based on the type of product we sell. Enquires, complaints and claims are handled by the Privacy area. If you wish to contact this area, you can find the contact information in the linked data that appears at the top of this notice. This notice is effective for Colombia on September 13, 2023.
If you are in Switzerland, find out more…
If you are in Switzerland, information about you may be transferred outside of Switzerland, including to a country or territory that may not have equivalent data protection standards. In such cases, the transfer will be subject to appropriate safeguards such as the Standard Contractual Clauses in accordance with the new Data Protection Act and guidance from the Federal Data Protection and Information Commissioner.
If you have any questions, or wish to exercise any of your rights, you can find contact details for the relevant PMI affiliate, and if applicable data protection officer, linked to at the top of this notice. Contact details will also be given in any communications that a PMI affiliate sends you.
If your country has a data protection authority, you have a right to contact it with any questions or concerns. If the relevant PMI affiliate cannot resolve your questions or concerns, you may also have the right to seek judicial remedy before a national court.
We may update this notice (and any supplemental privacy notice), from time to time. Where the law requires it, we will notify you of the changes; further, where the law requires it, we will also obtain your consent to the changes.
Last modified 09 February 2024
